Apache httpd vs. Tomcat 7: port 80 vs. port 8080

Question

I had recently installed Tomcat 7 on Amazon ec2. I found that Tomcat, by default, listens on port 8080.

The documentation on the internet advocates that this is because linux is better saving the lower ports to the super user. (The solution on ec2 btw is creating a Load Balancer - directing the communications from port 80 to port 8080 on the target machine)

Than - to my surprise - I went on and installed an Apache server on another machine (yum install httpd), and surprise! - Apache listens on port 80 by default!

This is awkward i thought... where are the 'port 8080' advocates now?

can anyone please explain the conceptual difference?

Thanks

Answer 1

The difference is mostly historical at this point, but still enforced by Linux and most Unix implementations that I can think of. Unix/Linux considers any port number < 1024 to be "privileged" and requires root privs to bind to them. Any user should be able to bind to ports higher than 1024. If your software package is of a certain vintage it expects to be started as root, bound to a port, and optionally it will then change effective UID to a non-privileged user. Apache HTTPD falls into this category. Software packages created later on (ie Apache Tomcat) typically went the route of doing everything with a non-privileged user and binding to a higher port number by default.

Some firewall admins can, I'm sure, go into detail about how port < 1024 will sometimes get special treatment in firewall configurations in some cases.

Answer 2

I continue the explanation. As @gunglefunk has already answare, the httpd uses port 80 because it runs the main daemon until the root / privileged user, that is allow to bind any port less then 1024. All other threads or workers run a non-privileged user (mostly apache).

Tomcat can use the same principiple. Tomcat is whole written in Java, so there is just one user that is used to run the whole JVM. It is usually user 'tomcat'.

When you want to listen Tomcat on port 80 you have two possibilities.

Run the tomcat under 'root' (change it in tomcat.conf or catalina.sh). However it it not recommended because of security reasons.

Run the tomcat on any port higher than 1024 under a standard user (usually tomcat) and use proxy_ajp protocol. It means you also run Apache HTTPD server on port 80 and forward traffic to the tomcat port (default is http on 8080, https on 8443, ajp on 8009). See https://httpd.apache.org/docs/2.2/mod/mod_proxy_ajp.html and http://tomcat.apache.org/connectors-doc/ajp/ajpv13a.html and http://tomcat.apache.org/connectors-doc-archive/jk2/proxy.html